I'm using cloud run behind a load balancer. However, it's simply a passthrough that performs ssl termination of my own certificate and exposes the cloud run service(s).
I read this and thinking of trying it out.
https://cloud.google.com/run/docs/mapping-custom-domains#run
In the Firebase docs, it says:
"After we verify domain ownership, we provision an SSL certificate for
your domain and deploy it across our global CDN within 24 hours after
you point your DNS A records to Firebase Hosting.
Your domain will be listed as one of the Subject Alternative Names
(SAN) in the FirebaseApp SSL certificate. "
For Cloud Run, it says something similar. It will generate and manage my SSL certificates. Does anybody have experience with this?
Will this newly generated certificate invalid my current cert? I assume so, and that's ok. I'm only using cloud run for subdomains like api-prod.example.io for my API and app-prod.example.io for my frontend nginx static webserver.
Is their any other considerations of why I should not move over? If I do move over, should I do Firebase instead? I supposed it's:
Firebase + Cloud Run
vs
Cloud Run
vs
GCP LB + Cloud Run + Own Managed Certificate (Current)
Thanks in advance!
I am trying to issue a SSL certificate for my loadbalancer, which serves traffic to an application hosted on GKE cluster in the backend. I have reserved a static IP for the loadbalancer, and I am able to access the application over HTTP.
Early this week, I had managed to generate SSL certificates and attached it to the load balancer using the GCP managed SSL certificates, and my domain was working on HTTPS network. However I had to delete the loadbalancer and launch it again using the Kubernetes Ingress. But now I am not able to apply the certificates to the loadbalancer. The certificates fail to provision with the error: FAILED_RATE_LIMITED.
Now I have deleted all the previously generated certificates on my account, and there is a single certificate now. According to the error, I have exhausted the number of GCP managed SSL certificates on my account. But I have deleted all the previously generated certs and I have almost waited for 10-11 hours, but the issue still exists. Is there a solution to this?
I am trying to upload a custom domain SSL certificate to be used in IBM Cloud cloud foundry organization. I upload the certificate (PEM), the private key and the intermediate certificate... then I get the "processing" status but after some minutes the domain entry in the table goes back to the upload SSL Certificate option.
I am getting no warning or mail error. How can I know what is going wrong with the files uploaded?
I own a custom domain. (i.e. domain.com) and have been routing the traffic to my Bluemix (Java Liberty) application just fine for the last year. (By adding the domain to the "Manage Domains" screen on the console.)
I've been trying to upload a SSL Certificate I purchased from Namecheap (RapidSSL) for this domain, to the console, but keep getting this error:
BXNUI0060E: A certificate for the 'domain.com' domain wasn't uploaded because a problem occurred contacting IBM DataPower Gateway.
I use the (.crt) certificate and (.pem) private key with password. I enter both those and the password in the appropriate fields and click 'Upload', but this appears after a minute. Also, I have tried with and without the intermediate (.crt) certificate, but still get the same error.
This error has been consistent for the last month. So I don't think its anything to do with my connection. Is there something I'm doing wrong? Thanks for any and all help!
Two possible causes of this error would be a temporary service outage at Bluemix or a software mismatch due to a Bluemix service upgrade. You can check for outages and upgrade notices on the Bluemix status page. You can also find information about upgrades on the IBM Bluemix blog.
I am using an Amazon S3 bucket for uploading and downloading of data using my .NET application. Now my question is: I want to access my S3 bucket using SSL. Is it possible to implement SSL for an Amazon s3 bucket?
You can access your files via SSL like this:
https://s3.amazonaws.com/bucket_name/images/logo.gif
If you use a custom domain for your bucket, you can use S3 and CloudFront together with your own SSL certificate (or generate a free one via Amazon Certificate Manager): http://aws.amazon.com/cloudfront/custom-ssl-domains/
Custom domain SSL certs were just added today for $600/cert/month. Sign up for your invite below:
http://aws.amazon.com/cloudfront/custom-ssl-domains/
Update: SNI customer provided certs are now available for no additional charge. Much cheaper than $600/mo, and with XP nearly killed off, it should work well for most use cases.
#skalee AWS has a mechanism for achieving what the poster asks for, "implement SSL for an Amazon s3 bucket", it's called CloudFront. I'm reading "implement" as "use my SSL certs," not "just put an S on the HTTP URL which I'm sure the OP could have surmised.
Since CloudFront costs exactly the same as S3 ($0.12/GB), but has a ton of additional features around SSL AND allows you to add your own SNI cert at no additional cost, it's the obvious fix for "implementing SSL" on your domain.
I found you can do this easily via the Cloud Flare service.
Set up a bucket, enable webhosting on the bucket and point the desired CNAME to that endpoint via Cloudflare... and pay for the service of course... but $5-$20 VS $600 is much easier to stomach.
Full detail here:
https://www.engaging.io/easy-way-to-configure-ssl-for-amazon-s3-bucket-via-cloudflare/
It is not possible directly with S3, but you can create a Cloud Front distribution from you bucket. Then go to certificate manager and request a certificate. Amazon gives them for free. Ones you have successfully confirmed the certification, assign it to your Cloud Front distribution. Also remember to set the rule to re-direct http to https.
I'm hosting couple of static websites on Amazon S3, like my personal website to which I have assigned the SSL certificate as they have the Cloud Front distribution.
If you really need it, consider redirections.
For example, on request to assets.my-domain.example.com/path/to/file you could perform a 301 or 302 redirection to my-bucket-name.s3.amazonaws.com/path/to/file or s3.amazonaws.com/my-bucket-name/path/to/file (please remember that in the first case my-bucket-name cannot contain any dots, otherwise it won't match *.s3.amazonaws.com, s3.amazonaws.com stated in S3 certificate).
Not tested, but I believe it would work. I see few gotchas, however.
The first one is pretty obvious, an additional request to get this redirection. And I doubt you could use redirection server provided by your domain name registrar — you'd have to upload proper certificate there somehow — so you have to use your own server for this.
The second one is that you can have urls with your domain name in page source code, but when for example user opens the pic in separate tab, then address bar will display the target url.
As mentioned before, you cannot create free certificates for S3 buckets. However, you can create Cloud Front distribution and then assign the certificate for the Cloud Front instead. You request the certificate for your domain and then just assign it to the Cloud Front distribution in the Cloud Front settings. I've used this method to serve static websites via SSL as well as serve static files.
For static website creation Amazon is the go to place. It is really affordable to get a static website with SSL.